skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Security of GPS/INS Based On-road Location Tracking Systems
Location information is critical to a wide variety of navigation and tracking applications. GPS, today's de-facto outdoor localization system has been shown to be vulnerable to signal spoofing attacks. Inertial Navigation Systems (INS) are emerging as a popular complementary system, especially in road transportation systems as they enable improved navigation and tracking as well as offer resilience to wireless signals spoofing and jamming attacks. In this paper, we evaluate the security guarantees of INS-aided GPS tracking and navigation for road transportation systems. We consider an adversary required to travel from a source location to a destination and monitored by an INS-aided GPS system. The goal of the adversary is to travel to alternate locations without being detected. We develop and evaluate algorithms that achieve this goal, providing the adversary significant latitude. Our algorithms build a graph model for a given road network and enable us to derive potential destinations an attacker can reach without raising alarms even with the INS-aided GPS tracking and navigation system. The algorithms render the gyroscope and accelerometer sensors useless as they generate road trajectories indistinguishable from plausible paths (both in terms of turn angles and roads curvature). We also design, build and demonstrate that the magnetometer can be actively spoofed using a combination of carefully controlled coils. To experimentally demonstrate and evaluate the feasibility of the attack in real-world, we implement a first real-time integrated GPS/INS spoofer that accounts for traffic fluidity, congestion, lights, and dynamically generates corresponding spoofing signals. Furthermore, we evaluate our attack on ten different cities using driving traces and publicly available city plans. Our evaluations show that it is possible for an attacker to reach destinations that are as far as 30 km away from the actual destination without being detected. We also show that it is possible for the adversary to reach almost 60--80% of possible points within the target region in some cities. Such results are only a lower-bound, as an adversary can adjust our parameters to spend more resources (e.g., time) on the target source/destination than we did for our performance evaluations of thousands of paths. We propose countermeasures that limit an attacker's ability, without the need for any hardware modifications. Our system can be used as the foundation for countering such attacks, both detecting and recommending paths that are difficult to spoof.  more » « less
Award ID(s):
1850264 1661532
PAR ID:
10132939
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2019 IEEE Symposium on Security and Privacy (SP)
Volume:
1
Page Range / eLocation ID:
1092-1106
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, IEEE Annual Computing and Communication Workshop and Conference (CCWC))
    Unmanned Aerial Systems (UAS) heavily depend on the Global Positioning System (GPS) for navigation. However, the unencrypted civilian GPS signals are subject to different types of threats, including GPS spoofing attacks. In this paper, we evaluate five instance-based learning models for GPS spoofing detection in UAS, namely K Nearest Neighbor, Radius Neighbor, Linear Support Vector Machine (SVM), C-SVM, and Nu-SVM. We used software-defined radio units to collect and extract features from satellite signals. Then, we simulated three types of GPS spoofing attacks specifically the simplistic, intermediate, and sophisticated attacks. The evaluation results show that Nu-SVM outperforms the other instance learning classifiers in terms of accuracy, probability of detection, probability of false alarm, and probability of misdetection. In addition, the model shows good computational performance regarding memory usage and processing time in the detection phase. 
    more » « less
  2. ; ; ; (, IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference)
    The security of Unmanned Aerial System (UAS) networks is becoming crucial as their number and application in several fields are increasing every day. For navigation and positioning, the Global Navigation System (GPS) is essential as it provides an accurate location for the UAS. However, since the civilian GPS signals are open and unencrypted, attackers target them in different ways such as spoofing attacks. To address this security concern, we propose a comparison of several tree-based machine learning models, namely Random Forest, Gradient Boost, XGBoost, and LightGBM, to detect GPS spoofing attacks. In this work, the dataset was built of real GPS signals that were collected using a Software Defined Radio unit and different types of simulated GPS spoofing attacks. The results show that XGBoost has the best accuracy (95.52%) and fastest detection time (2ms), which makes this model appropriate for UAS applications. 
    more » « less
  3. ; ; (, IEEE Consumer Communications and Networking Conference (CCNC))
    Although some existing counterdrone measures can disrupt the invasion of certain consumer drone, to the best of our knowledge, none of them can accurately redirect it to a given location for defense. In this paper, we proposed a Drone Position Manipulation (DPM) attack to address this issue by utilizing the vulnerabilities of control and navigation algorithms used on consumer drones. As such drones usually depend on GPS for autopiloting, we carefully spoof GPS signals based on where we want to redirect a drone to, such that we indirectly affect its position estimates that are used by its navigation algorithm. By carefully manipulating these states, we make a drone gradually move to a path based on our requirements. This unique attack exploits the entire stack of sensing, state estimation, and navigation control together for quantitative manipulation of flight paths, different from all existing methods. In addition, we have formally analyzed the feasible range of redirected destinations for a given target. Our evaluation on open-source ArduPilot system shows that DPM is able to not only accurately lead a drone to a redirected destination but also achieve a large redirection range. 
    more » « less
  4. ; ; (, IEEE)
    As many mobile devices use Global Navigation Satellite Systems (GNSSs) to determine their locations for control, compromising such systems can result in serious consequences, as shown by existing GPS spoofing attacks. However, most such spoofing attacks focus on the effect of a single spoofer attacking a single receiver. In this paper, we investigate the impacts of a single spoofer on multiple receivers, motivated by research on attacking drone swarms. Our analysis independently shows that, using a single spoofer, multiple receivers at different locations in a spoofing area will see the same location reading. We consider the base case of spoofing four satellites and also the generic case when more satellites are involved in the spoofing attack. More importantly, we conduct real-world experiments to validate our analysis and demonstrate the potential threats to many practical applications. We use off-the-shelf SDR cards for spoofing and consumer GPS receivers for obtaining spoofed location readings. While this method can enable various attacks on mobile devices depending on GPS, it is also applicable to all existing GNSSs, because they use similar principles to determine locations. 
    more » « less
  5. ; ; ; ; (, 59th IEEE Conference on Decision and Control)
    null (Ed.)
    Unmanned aerial vehicles (UAVs) suffer from sensor drifts in GPS denied environments, which can lead to potentially dangerous situations. To avoid intolerable sensor drifts in the presence of GPS spoofing attacks, we propose a safety constrained control framework that adapts the UAV at a path re-planning level to support resilient state estimation against GPS spoofing attacks. The attack detector is used to detect GPS spoofing attacks and provides a switching criterion between the robust control mode and emergency control mode. An attacker location tracker (ALT) is developed to track the attacker's location and estimate the spoofing device's output power by the unscented Kalman filter (UKF) with sliding window outputs. Using the estimates from ALT, we design an escape controller (ESC) based on the model predictive controller (MPC) such that the UAV escapes from the effective range of the spoofing device within the escape time. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email